By Anthony Frum
Product Specialist, Skyhigh Security

Skyhigh Security Backs the Market’s Most Robust Security Service Edge Infrastructure with its Strongest Service Level Agreement

If you are old enough to remember the release of the original Nintendo, you have lived through some of the most rapid technological changes in human history. A person from the Nintendo era would be shocked to see how much of the world's affairs are conducted via public internet connections to cloud applications. Think about the impact to an organization if this capability was hindered or broken. To a large degree, their entire workforce would be dead in the water, disconnected from every tool that enables them to perform their job functions. Such an event could cost large organizations many millions of dollars per day. This is the gravity of the responsibility assumed by today's Security Service Edge (SSE) vendors when they agree to manage and secure the network traffic of their customers, both large and small.

It's for this reason that Skyhigh Security has been maniacally focused on advancing the performance and reliability of our Skyhigh SSE platform from day one. Most security vendors claim to be "industry leaders" hollowing out the term’s meaning, but here it's truly applicable for Skyhigh Security. We've led the charge with the first Service Level Agreement (SLA) in the industry to guarantee "five nines" of availability meaning 99.999% uptime. This allows for less than six minutes of downtime in an entire year. Skyhigh Security was also the first to fully support filtering of the HTTP/2 protocol harnessing the performance improvements it offered without any loss of functionality.

A few years ago, our engineers recognized the direction the market was moving and decided to embark on what constituted a ground-up rebuild of our entire cloud infrastructure. In this new architecture, our network teams realized that a cloud infrastructure is not strictly a numbers game where more Points of Presence (POPs) would always be the answer. Instead, larger, strategically placed POPs were deployed around the world with dedicated, high-bandwidth peering connections to thousands of the largest applications and ISPs in the world. This maximizes throughput and minimizes latency between our infrastructure, our clients, and the web content they access to the degree that it can even result in "negative latency".

As a result of these design decisions and the enormous investments we've made in our infrastructure, Skyhigh Security was able to maintain our industry-first SLA of five nines throughout the COVID-19 pandemic. While the world was experiencing a 600% spike in cloud usage, our infrastructure was able to maintain our committed availability and even maintained latency metrics of less than half our target goals. Of course, the increased utilization was not transitory, so permanent, additional investments quickly followed and are continuing to be made. At the time of this writing, the Skyhigh infrastructure includes over 85 permanent POPs in at least 50 countries, and we have funded plans for significant additional growth in the coming months.

Despite all the technology and data points, a prudent buyer will look for more evidence before putting the fate of their organization in the hands of an SSE vendor. While the proof is truly in the pudding, many customers expect vendors to put their money where their mouth is in the form of an SLA. Skyhigh Security has led the industry being the first to guarantee 99.999% availability for the SkyhighSecure Web Gateway (SWG). Now, however, we have taken the additional step of breaking from the industry standard approach of excluding that SLA from HTTPS traffic which has to be decrypted. Our guarantee of 99.999% availability now applies equally to encrypted traffic that we decrypt for scanning.

Not only do we pledge to maintain such exceptional availability, but we also concurrently guarantee exceptional performance. We include in our SLA a promise that our filtering services will not introduce more than 100ms of latency in traffic filtering. This, again, applies to both encrypted and unencrypted traffic. Other vendors make bold claims of superior latency numbers such as 10ms for unencrypted traffic or 50ms for encrypted traffic, but a careful reader will find a “get out of jail free card” hidden in the legalese. This latency SLA excludes any traffic that is “subject to DLP and threat scanning.” To put it another way, they're guaranteeing they will not introduce any significant amount of latency provided they don't have to perform any significant scanning. Of course, it's easy to promise a job done quickly provided nothing has to get done! Skyhigh has no such exclusion, so while our latency guarantee might be less flashy, it carries real meaning.

Part of how Skyhigh Security meets the very high expectations and needs of our customers is by employing a variety of flexible tools in building our infrastructure. One example of this is our containerized and highly-portable technology which can be deployed in a wide variety of environments and platforms. In the past, we have leveraged this to "burst into the cloud" to deal with sudden changes in traffic patterns such as when the pandemic went into full swing. All-new POPs can be deployed in roughly a day while existing POPs can be scaled up in minutes. This type of elasticity is just another weapon in the arsenal we use to keep our customers' environments secure and available.

Other vendors have dismissed this strength bragging about their approach of keeping “every datacenter uniform and consistent (down to every cable plugged into the same port globally).” While this uniformity and consistency may sound appealing, such rigidity does not actually achieve better results. Consider what it takes to build out a new POP in a datacenter. Think of the time needed to identify where your POP should be hosted, who should be your hosting partner, the process to onboard such a partner, scoping out the hardware required, getting budget approval, the procurement process, and the actual work of building it. Also consider current circumstances with semiconductor and chip manufacturing shortages and other supply chain challenges. How quickly could a vendor realistically make a change if there was a sudden shift in traffic patterns? Even if they were moving mountains internally to speed up the process, it could take several months to make a meaningful change! Having a variety of deployment options is absolutely crucial, and this sort of idealistic rigidity is simply short-sighted.

In the end, a service level agreement is really just a piece of paper. It may entitle your organization to free service or the ability to back out of your agreement with the vendor, but it will not buy back the lost business caused by an extended outage. It is the insightful design decisions, elastic infrastructure, and monumental infrastructure investments Skyhigh Security has made that will keep our customers' businesses online. However, our truly industry-leading service level agreement is a strong indicator of the confidence our leadership and engineering teams have in the speed and reliability of our platform.